Happy to report that I’m back to writing more about WordPress. Today, the WPMUDev blog published a new story of mine on the security tradeoffs involved in using the XML-RPC support in WordPress core.
XML-RPC and Why It’s Time to Remove it for WordPress Security
What’s the problem with XML-RPC?
You’ll learn about the reasons for and history of Remote Process Calls in WordPress and other blogging platforms. You’ll also learn how to protect your site if you happen to like some of the tools that use XML-RPC.
It’s not a fear-mongering story, with some practical advice, and a look to the not-too-distant future when the WordPress REST Application Programming Interface fixes this problem. Go check out the story. Participate in the discussion. Share the link with your networks. Let me know what you think, too.